What’s your current process for generating SBOMs?

Threat & Vulnerability ManagementSecure Code & Automation (DevSecOps)Security Strategy & Roadmap
2.7k views4 Upvotes6 Comments
Director of IT in Consumer Goods, 5,001 - 10,000 employees
generate an SBOM for every new release of a component. This SBOM can be generated on the source code, at build-time, at runtime, on the binary, or on a container image.
IT Director in Education, 5,001 - 10,000 employees
We are still establishing a formal process for generating and recording our software bill of materials (SBOMs). This is relatively new since it has only been less than 2 years ago that the executive order was signed by the federal government. More to report in the future as we mature in our SBOMs posture.
Senior Director IT Architecture in Finance (non-banking), 5,001 - 10,000 employees
We build them during the CI process and record them on the GRC and CMDB, then in the artifactory location, that helps us keep track and identify drifting.
PMO – Engineering in Software, 5,001 - 10,000 employees
Get a real-time inventory of all software components; discover affected software; review vulnerability findings; plan corrective actions.
1
SVP & Director, IT Operations in Finance (non-banking), 1,001 - 5,000 employees
we have yet to finalize a process, interested to hear and see what others do
1
Manager in Services (non-Government), 10,001+ employees
As Generating an software bill of materials (SBOM) typically involves using specialized tools or software to scan the codebase of the software and identify its components and dependencies, we are still establishing a formal process for recording and generating our SBOMs. 

As the information can then be compiled into a detailed list or inventory, which are critical to us for various purposes, such as security analysis, compliance, and supply chain management, generating an SBOM for every new release of a component is our ultimate goal.

Content you might like

Are you personally in favor of the Open App Markets Act, which is currently moving through the US Senate?

Security Strategy & RoadmapIT Strategy & RoadmapNews+1 more

Yes77%

No20%

Other (share below!)4%


197 PARTICIPANTS
864 views1 Upvote1 Comment

Are cryptocurrencies "the essence of ransomware"?  https://www.cnbc.com/2021/06/03/ex-sec-cyber-chief-crypto-says-investors-are-enabling-ransomware-attacks.html

Security & GRCDisruptive & Emerging TechnologiesThreat & Vulnerability Management+1 more

Yes76%

No24%


199 PARTICIPANTS
1.3k views1 Upvote

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
142 19 Replies
Read More Comments
42.5k views131 Upvotes319 Comments

Does the risk of Ransomware and malware propagation bother you? Is IoT security a top of mind for you? To protect against many risks, we have witnessed success of micro-segmentation in the data center. Would you be willing to deploy similar solution for the campus? I am very curious to get your feedback?

Security & GRCThreat & Vulnerability Management
Read More Comments
3.2k views5 Upvotes5 Comments

What's your initial reaction to Cisco acquiring Splunk?

Applications & PlatformsSecurity Strategy & RoadmapIT Strategy & Roadmap
1.2k views1 Upvote1 Comment